Conifer Value-Based Care Data Breach

Conifer Value-Based Care, LLC (“Conifer”) has notified individuals about a data security incident that may have compromised personal information. While the breach did not involve highly sensitive data like Social Security numbers or financial information, the exposure of personal details can still pose a risk. If you have been affected, read on to learn more about the breach, what information was exposed, and what steps you can take to protect yourself.

Conifer Value-Based Care’s Data Breach Investigation

On August 28, 2025, Conifer became aware of an unauthorized third-party accessing an employee’s Microsoft Office 365-hosted business email account. Once the incident was detected, Conifer immediately took steps to contain the breach and launched a comprehensive investigation. The unauthorized access occurred on both August 28 and August 29, 2025.

It’s important to note that the breached email account was separate from Conifer’s internal network and systems, which were not affected. Conifer worked diligently to identify the individuals whose information might have been compromised and performed a thorough review to determine the scope of the breach. This review was completed on November 10, 2025, and notifications were sent to impacted individuals through their healthcare provider or plan on November 14, 2025. Conifer also collaborated with these providers and plans to verify the addresses of affected individuals, which was completed by December 5, 2025.

When Did This Breach Occur?

The unauthorized access occurred between August 28, 2025, and August 29, 2025, when the third party gained access to a business email account hosted on Microsoft Office 365. Conifer took immediate action to contain the threat and began an investigation to assess the full extent of the breach. Notifications to potentially impacted individuals were sent in mid-November 2025.

What Information Was Breached?

The personal information involved in this incident may have included one or more of the following:

• Name

• Address

• Guarantor information (for individuals who agree to pay for healthcare services but are not the patient)

• Other non-sensitive health-related information

Please note that the following sensitive information was not affected in this incident:

• Social Security numbers

• Driver’s license or state ID numbers

• Credit and debit card information

• Financial account information

• Account passwords

While the breach did not expose highly sensitive financial or personal identifiers, the exposure of any personal information should be taken seriously. Affected individuals are encouraged to monitor their data for any potential misuse.

What You Can Do

If you were impacted by the Conifer data breach, here are some important steps you can take to protect yourself:

1. Monitor Your Accounts: Keep a close eye on your credit card, bank, and healthcare provider statements for any unauthorized activity or suspicious charges. Promptly report any irregularities to your financial institution.

2. Request a Free Credit Report: You are entitled to one free credit report per year from each of the three major credit bureaus—Equifax, Experian, and TransUnion. Review these reports for any signs of fraud or inaccuracies.

3. Place a Fraud Alert or Credit Freeze: Consider placing a fraud alert or security freeze on your credit report to make it more difficult for identity thieves to open accounts in your name.

4. Stay Vigilant for Fraudulent Activity: Be alert for any unusual communications, such as emails, phone calls, or messages requesting personal information. Scammers may attempt to exploit exposed data for fraudulent purposes.

5. Follow the Instructions Provided by Conifer: Conifer has offered resources and services to help protect affected individuals. Be sure to follow the instructions included in their notifications for further assistance.

File a Data Breach Lawsuit Against Conifer Value-Based Care

If you received a notification from Conifer or believe your personal information was compromised in this breach, you may be eligible to join a class action lawsuit for compensation. A class action lawsuit allows affected individuals to come together and hold Conifer accountable for the breach and any potential harm caused.

At Class Action U, we connect individuals who have been affected by data breaches with experienced attorneys who specialize in class action lawsuits. If you’ve been impacted by this incident, contact us today for a free consultation. There is no cost to explore your legal options, and no obligation after speaking with our legal partners. Together, we can seek justice and hold Conifer accountable.